from the security-through-intimidation dept

Because nothing motivates stupid legislative activity better than a tragedy, various officials are moving forward with dubious activities in the wake of the Pittsburgh synagogue shooting. In the state of New York, a couple of politicians have just announced a Constitutional violation two-fer, offering to separate residents from their Second Amendment rights by using their First Amendment rights against them.

Eric Adams, the president of Brooklyn Borough, and state Senator Kevin Palmer are currently writing the proposed legislation, which would give law enforcement authorities the power to check up to three years of an individual’s social media accounts and internet search history before they are allowed to buy a gun, WCBS Newsradio 880 reported. One of the main aims is to identify any hate speech shared by the users, as the politicians noted that such offensive comments are generally only discovered after mass shootings occur.

This proposal was offered up with complete sincerity despite:

a.) Hate speech being protected under the First Amendment, and

b.) the bill not targeting Gab -- the site where the shooter's anti-Semitic speech/threats were posted.

“My office is reviewing this platform, which was used by the killer to spread his hateful messages,” Shapiro told Haaretz in an interview. “We have strong first amendment protections in this country, and that’s very important for me, but when that speech includes incitement to violence, that crosses a line. We cannot tolerate that.”

"Reviewing the platform…" Those are imprecise words promising imprecise actions. And the imprecise actions have arrived. Gab was the first to report on Shapiro's "review" of its platform. Via Twitter, Gab announced the receipt of a broad, vague subpoena from Shapiro's office. The tweets have since been deleted, but not before being archived. Here's a screenshot of the first two tweets Gab sent to AG Shapiro. (via Timothy Lee at Ars Technica)

The subpoena wasn't sent to Gab, but rather Epik, the domain provider Gab picked up after being dropped by GoDaddy in the days after the shooting. The whole subpoena -- rescued from deleted tweets -- can be found at Unicorn Riot. The subpoena demands Epik turn over pretty much any document the domain provider might have on Gab, including names and addresses of "any and all persons or entities employed by, representing, or otherwise acting on behalf of Gab."

Shapiro's fishing expedition -- which decided to bypass Gab (most likely in hopes of finding its DNS provider more cooperative) -- comes complete with a very half-assed gag order request.

Any disclosure to any person or entity, other than the person or entity identified as the Respondent, that a subpoena has been issued in this matter may jeopardize an ongoing civil investigation. Therefore, you are hereby requested to refrain from notifying any person or entity, other than said Respondent, that the subpoena has been issued.

The tweets from Gab to AG Shapiro, which included screenshots of the subpoena, likely made it clear Epik didn't think much of the AG's "shut up, please" request. Now, the overbroad demand is all over the internet, showing AG Shapiro would rather score political points post-tragedy than respect enshrined rights or statutory immunity.

First, Epik should be shielded from any civil enforcement actions against Gab under Section 230. It doesn't appear the AG is seeking to take action against Epik, but nothing about these early developments rules this course of action out. Second, the nominal target of Shapiro's investigation contains a whole lot of unpleasant, but Constitutional speech. Third, it's unclear what Shapiro is trying to accomplish. It appears Shapiro just wants to gather a bunch of information and then decide what sort of investigation he'd like to pursue. That's not how investigations (and their attendant paperwork) are supposed to work.

It seems more like a Sheriff Dart-esque campaign of intimidation than a legitimate use of the AG's office, as Eric Goldman points out in the Ars Technica article. I guess we'll know more if Gab is forced to change registrars again. If Shapiro's office arrives shortly thereafter with subpoena in hand, the "investigation" is nothing more than a quick and dirty way to push providers away from doing business with Gab.

from the probably-just-a-coincidence dept

We recently wrote about an interesting comment from Vladimir Putin's Press Secretary that Russia had no intention of cutting itself off from the rest of the Internet. But there's another side to the disconnection story, as this Guardian news item reveals:

Russia could pose a major threat to the UK and other Nato nations by cutting underwater cables essential for international commerce and the internet, the chief of the British defence staff, Sir Stuart Peach, has warned.

Russian ships have been regularly spotted close to the Atlantic cables that carry communications between the US and Europe and elsewhere around the world.

In other words, although Russia says it won't cut itself off from the Internet, it could probably cut off many NATO countries. A new report, entitled "Undersea Cables: Indispensable, insecure", emphasizes the importance and vulnerability of the underwater cables that provide much of the Internet's global wiring:

97% of global communications and $10 trillion in daily financial transactions are transmitted not by satellites in the skies, but by cables lying deep beneath the ocean. Undersea cables are the indispensable infrastructure of our time, essential to our modern life and digital economy, yet they are inadequately protected and highly vulnerable to attack at sea and on land, from both hostile states and terrorists.

US intelligence officials have spoken of Russian submarines "aggressively operating" near Atlantic cables as part of its broader interest in unconventional methods of warfare. When Russia annexed Crimea, one of its first moves was to sever the main cable connection to the outside world.

Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional.

large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

These events are a reminder that the online world depends on technologies where trust is an important element. That approach is now looking increasingly shaky as nation states wage attacks not just by means of the Internet, but even against it. This may explain why Russia says it wants alternative DNS servers for the BRICS nations: they could come in quite handy if -- by any chance -- the rest of the Internet goes down.

The Russian Security Council has asked the country's government to develop an independent internet infrastructure for BRICS nations, which would continue to work in the event of global internet malfunctions.

The RT news story has some details on how the BRICS subnet will work:

They decided that the problem should be addressed by creating a separate backup system of Domain Name Servers (DNS), which would not be subject to control by international organizations. This system would be used by countries of the BRICS bloc -- Brazil, Russia, India, China and South Africa.

The plan has evidently developed from a purely Russian intranet system to one that includes the other BRICS nations. Creating additional DNS servers will be easy, so there's no reason why it shouldn't happen -- not least because Putin has "personally set a deadline of August 1, 2018 for the completion of the task". Perhaps the most interesting aspect of the story is the following comment by Putin's Press Secretary, Dmitry Peskov:

"Russia’s disconnection from the global internet is of course out of the question," Peskov told the Interfax news agency. However, the official also emphasized that "recently, a fair share of unpredictability is present in the actions of our partners both in the US and the EU, and we [Russia] must be prepared for any turn of events."

That offers a pragmatic recognition that disconnection from the global Internet is no longer an option for a modern state, even if Iran begs to differ. It's true that local DNS servers provide resilience, but they also make it much easier for a government to limit access to foreign sites by ordering their IP addresses to be blocked -- surely another reason for the move.

This latest proposal is part of a long-running campaign by Russia to wrest control of key aspects of the Internet -- such as the DNS system -- from international bodies, for example during the ITU's World Conference on International Communications (WCIT) in 2012. Russia already had the support of other BRICS governments back then, which suggests they will back the new approach.

from the hello-prior-restraint dept

We've discussed in the past the completely ridiculous attacks on Sci-Hub, a site that should be celebrated as an incredible repository of all the world's academic knowledge. It's an incredible and astounding achievement... and, instead of celebrating it, we have big publishers attacking it. Because copyright. And even though the purpose of copyright was supposedly to advance "learning" and Sci-Hub serves that purpose amazingly well, so many people have bought into the myth that copyrights must "exclude" usage, that we're in a time where one of the most amazing libraries in the world is being attacked. Sci-Hub lost its big case earlier this year, and almost immediately others piled on. Specifically, back in June, the American Chemical Society (ACS) jumped in with a similar "us too!" lawsuit, knowing full well that Sci-Hub would likely ignore it.

ACS has moved for a default judgment against Sci-Hub (what you tend to get when the defendant ignores the lawsuit), which it would likely get. However, in an extremely troubling move, the magistrate judge reviewing the case for the Article III judge who will make the final ruling has recommended forcing ISPs and search engines to block access to Sci-Hub. After recommending the standard (and expected) injunction against Sci-Hub, the recommendation then says:

In addition, the undersigned recommends that it be ordered that any person or entity in privity with Sci-Hub and with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, cease facilitating access to any or all domain names and websites through which Sci-Hub engages in unlawful access to, use, reproduction, and distribution of ACS's trademarks or copyrighted works. Finally, the undersigned recommends that it be ordered that the domain name registries and/or registrars for Sci-Hub's domain names and websites, or their technical administrators, shall place the domain names on registryHold/serverHold or such other status to render the names/sites non-resolving.

So, this is kind of incredible. Because, as you might remember, there was a big fight a little over five years ago about a pair of bills in Congress called SOPA and PIPA that proposed allowing for such an order being issued to third parties like search engines, ISPs, domain registrars and the like, demanding they block all access to certain websites. And, following quite a public outcry (which also explained why this approach would do serious harm to certain security standards and other technical aspects of how the internet works), Congress backed down and decided it did not want to enable courts to issue such orders.

So why the hell is Magistrate Judge John F. Anderson recommending such an order?

At the very least, it seems problematic. Even if you ignore the Sci-Hub part of the equation (since it ignored the lawsuit, a default judgment was basically inevitable), you should be concerned about this. Here's a court order binding a very large number of non-parties to the lawsuit to completely block access to a variety of websites, without any sort of due process. One hopes that ISPs, domain registrars and search engines will push back on such an overbroad order -- one that even Congress realized was a step too far and never authorized.

from the so-dumb dept

On Monday evening, you may have seen news of a "big scoop" at Slate by famed reporter Franklin Foer, about how Donald Trump had a server that was "communicating" with a Russian server. Foer, who famously got pushed out of The New Republic for not being very with it on technology on the internet (among other things), makes a really big deal out of some really weak tea. After reading the article (along with another one alleging Russian spies had been "cultivating" Trump) I tweeted out that the evidence on both was super weak. I kept expecting a smoking gun in the Foer piece, but instead got a lot of handwaving and confusion about DNS. Of course, Clinton supporters were quick to jump on the article as some sort of proof, despite the really weak claims.

A lot of Foer's work stems from an anonymous blog post from a few weeks earlier that tries to make a big deal out of some extraordinarily weak connections. The confirmation bias is strong with the folks involved here. The biggest clue? This ridiculous chart that tries to show increased activity between the Trump server and the Russian bank server at key moments, but doesn't actually show that. There seem to be random ups and downs at the conventions, and then a huge spike in the middle of August which corresponds with... nothing. But the researchers and Foer just ignore it. In fact, Foer actually claims that "there were considerably more DNS lookups, for instance, during the two conventions." Except there weren't really.

And, of course, within a few hours, people were debunking basically every aspect of the story. The Intercept notes that at least six other news outlets had been looking into the same story, and none of them felt comfortable pushing a story, because the details just didn't stack up. The first person I saw to debunk it was Naadir Jeewa, who pointed out that the server was maintained by Cendyn, a marketing company that handles email spam marketing for tons of hotel chains, including Trump. The "connection" from Alfa-Bank, he suggested, was just a typical email scanner attempting to reverse the connection as a sort of anti-spam tool (basically checking if the email server is real). As Jeewa concludes:

Feel sorry for the person at Alfa who stayed in a Trump hotel, forgot to unsubscribe to cheesy emails and might be in a load of trouble

The Intercept actually reached out to Alfa-Bank... and got the hotel spam that it had received from Trump. They also received the similar spam from Spectrum Health (who is included in Foer's story for reasons too pointless to explain). Guess what: spam.

Rob Graham from Errata Security went even deeper in explaining how this was a giant nothing grown out of a reporter getting confused. Cendyn doesn't just control the mail1.trump-email.com domain, but also controls a variety of other hotel domains, including hyatte-concierge.com, reservertravelonline.com, sheratonmenus.com, westinmenus.com, hyattmenus.com, cphollywoodbeach.com (CP = Crown Plaza), hayattproposal.com and a bunch of others as well. It's not Trump using this, it's a marketing company that specializes in spamming hotel customers. From Graham:

This is why we can't have nice things on the Internet. Investigative journalism is dead. The Internet is full of clues like this if only somebody puts a few resources into figuring things out. For example, organizations that track spam will have information on exactly which promotions this server has been used for in the recent past. Those who operate public DNS resolvers, like Google's 8.8.8.8, OpenDNS, or Dyn, may have knowledge which domain was related to mail1.trump-email.com.

Indeed, one journalist did call one of the public resolvers, and found other people queried this domain than the two listed in the Slate story -- debunking it. I've heard from other DNS malware researchers (names remain anonymous) who confirm they've seen lookups for "mail1.trump-email.com" from all over the world, especially from tools like FireEye that process lots of spam email. One person claimed that lookups started failing for them back in late June -- and thus the claim of successful responses until September are false. In other words, the "change" after the NYTimes queried Alfa Bank may not be because Cendyn (or Trump) changed anything, but because that was the first they checked and noticed that lookup errors were happening.

But Graham also points out that all this fretting about Trump & Russia misses the real story here. The only reason this is a story at all is because some nameless security researchers started abusing the data they were given access to for malware research. Much of what Foer relies on came from an anonymous researcher going by the name "Tea Leaves". But Graham points out that the real story here is how companies are sharing all sorts of information with security researchers under the belief that it will only be used for malware research... and not for spying on what server is connecting to what server:

Malware research consists of a lot of informal relationships. Researchers get DNS information from ISPs, from root servers, from services like Google's 8.8.8.8 public DNS. It's a huge privacy violation -- justified on the principle that it's for the general good. Sometimes the fact that DNS information is shared is explicit, like with Google's service. Sometimes people don't realize how their ISP shares information, or how many of the root DNS servers are monitored.

People should be angrily calling their ISPs and ask them if they share DNS information with untrustworthy researchers....

This is another reason why we've pointed out that all the focus on "information sharing" in various cybersecurity bills from Congress was a red herring. Information sharing can lead to all sorts of questionable activity. It's done in these instances for the purpose of spotting malware, but it appears some researchers went looking for weird Trump conspiracy theories and were so invested in those theories that they didn't even realize how ridiculous it was when looked at in the light of day -- and also forgot that they're not supposed to reveal they have access to this info.

Yes, of course, we're at the very peak of the political silly season and lots of people are looking for big breaking stories. But it would be nice if we could keep them in the realm of reality.

from the take-your-pick dept

As you know, last week, large chunks of the internet spent hours writhing on the ground and totally inaccessible thanks to a giant DDoS attack that appears to have been launched via a botnet involving insecure DVR hardware (which can't be patched -- but that's another post for later). Of course, whenever this kind of thing happens, you know that some people on the politics side of things are going to come up with dumb responses, but there were some real whoppers on Friday. I'm going to focus on just two, because I honestly can't decide which one of these is dumber. I'll discuss each of them, and then you guys can vote and let us know: which of these is dumber.

On Friday she went on CNN to discuss a variety of things, and the first question from Wolf Blitzer was about the DDoS attacks, and her answer is the sort of nonsense word salad that is becoming all too common in politics these days, but where she appears to suggest that if we'd passed SOPA this kind of attack wouldn't have happened. She's not just wrong, she's incredibly clueless.

Here's what she said:

Wolf, you don't know who is behind this, you do not know if it's foreign or domestic. What I do know is over the years we have tried to pass a data security legislation. There's been bipartisan agreement in the House. It has not moved forward in the Senate. We also know that a few years ago we tried to do a bill called SOPA in the House which would require the ISPs to do some governance on these networks and to block some of the bad actors.

And of course, there were all of the cyberbots that took out after us that were trying to say 'no you can't do that you're going to impede our free speech.' We said 'no we're trying to keep the roadway clear and to keep some of these bad actors out of the system.'

So, what you have now, whether it is foreign or domestic, no one knows. No one knows who has released some ransomware, spyware, malware into the system that is cau... and bear in mind also this malware can live on your system for a year or much longer before it is detected.

And that is how you've had some of these extensive data breaches because the malware gets into the system, it rests there, it is pulling information and at some point, it activates. And as I tell my constituents, be careful what websites you go to, be careful what emails you open because you may be unintendedly inviting that malware or spyware into your system.

Okay, so. Almost nothing that is said above has anything to do with the DDoS attack. Not at all. Not the "data protection" bill, which is basically about requiring companies to reveal breaches to those impacted. But most certainly not SOPA, which had nothing whatsoever to do with anything having to do with cybersecurity or online attacks or DDoS. And "cyberbots"? Is she implying that the millions of people who spoke out against SOPA were some sort of fake bots? SOPA wouldn't have done anything to stop this kind of attack at all. It had nothing to do with this issue in any way shape or form. Not that Wolf Blitzer seems to know or care about any of that as he just accepts that answer and moves on.

So that's the first dumb response. Now the second: the IANA transition. We've been discussing this for years, and as we've explained, the transition is a good thing in taking an argument away from countries like Russia and China who have been trying to get more control over internet governance, by dropping an almost entirely superficial connection between the fairly minor IANA function and the US Commerce Dept. The transition happened a few weeks ago and nothing on the internet has changed, nor will it, because of this transition. It's a non-story. But, Ted Cruz tried to make it a story and now it's become a partisan thing for no good reason at all. And thus, given an opportunity, partisan sites are blaming the IANA transition for the DDoS:

Today there was a major attack on a part of the Internet that few people pay any attention to. It’s critically important though, and any disruption threatens both our prosperity as Americans, but also our freedom to communicate with each other.

This is a great reminder of why President Obama’s Internet handover plans are so threatening to our way of life.

Probable foreign attackers effectively took thousands of companies off of the Internet today by attacking a major Domain Name Service (DNS) provider: Dyn. This two-hour outage surely cost many people, very much money.

What is DNS, and why is it so important? Put simply, DNS is the system that tells people how to find you online. It converts the names of servers and sites, into numbers that the Internet Protocol can find. It’s an essential service of the commercial Internet.

And yet Barack Obama is trying to hand control of DNS over to the Chinese and the Russians. Ted Cruz has been warning people about this, and so have I. People tend to tune it out, because it sounds like a very technical, obscure issue that isn’t very important.

Well, first of all, newsflash: the transition happened three weeks ago, and Neil Stevens at Red State is so concerned about this he didn't even notice. Damn. Sneaky Obama. Second, the handover of the IANA functions has absolutely nothing to do with a DDoS attack or what it would take to prevent it. Yes, there are some ridiculous aspects to the DNS system, some of which are managed by ICANN. But (1) the IANA transition has nothing to do with "handing control" over to the Chinese or Russians (in fact, it's the opposite -- it takes a big argument away from the Russians and Chinese that they had been using to try to seize more control, and actually makes it much more difficult for them to take control by making sure nation states actually have very little say in internet governance). And (2) the IANA transition has fuck all to do with DDoS attacks.

Both of these examples seem to be completely clueless, technically illiterate people using real problems (the fragility of DNS systems, the massive unsecured bot-infested systems out there, the ease of taking down important systems, overly centralized critical systems), and using them to pitch some entirely separate personal pet complaint or project. But both are completely ignorant. The only question is which one is worse:

from the this-is-no-longer-theoretical dept

Last month, we wrote about Bruce Schneier's warning that certain unknown parties were carefully testing ways to take down the internet. They were doing carefully configured DDoS attacks, testing core internet infrastructure, focusing on key DNS servers. And, of course, we've also been talking about the rise of truly massive DDoS attacks, thanks to poorly secured Internet of Things (IoT) devices, and ancient, unpatched bugs.

That all came to a head this morning when large chunks of the internet went down for about two hours, thanks to a massive DDoS attack targeting managed DNS provider Dyn. Most of the down sites are back (I'm still having trouble reaching Twitter), but it was pretty widespread, and lots of big name sites all went down. Just check out this screenshot from Downdetector showing the outages on a bunch of sites:

You'll see not all of them have downtime (and the big ISPs, as always, show lots of complaints about downtimes), but a ton of those sites show a giant spike in downtime for a few hours.

So, once again, we'd like to point out that this is a problem that the internet community needs to start solving now. There's been a theoretical threat for a while, but it's no longer so theoretical. Yes, some people point out that this is a difficult thing to deal with. If you're pointing people to websites, even if we were to move to a more distributed system, there are almost always some kinds of chokepoints, and those with malicious intent will always, eventually, target those chokepoints. But there has to be a better way -- because if there isn't, this kind of thing is going to become a lot worse.

from the well,-that's-just-dandy dept

Generally speaking, taking cues from China on things like best ways to censor the internet... probably isn't the best idea. Yet, it appears that's exactly what the UK's big surveillance agency, GCHQ, is doing. The "Director-General of Cyber" (that's a thing? yikes!) at GCHQ, Ciaran Martin, gave a speech at a cybersecurity summit in DC recently and announced exciting plans to censor the UK internet at a DNS level. No, really.

Finally, we're exploring a flagship project on scaling up DNS filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses? Now it's crucial that all of these economy-wide initiatives are private sector led. The Government does not own or operate the Internet. Consumers must have a choice. Any DNS filtering would have to be opt out based. So addressing privacy concerns and citizen choice is hardwired into our programme.

Of course, while the reasoning and sentiment may sound good, we've pointed out time and time again how DNS filtering, in particular, is a really bad idea that actually does more harm than good for internet security. The internet works under the expectation that when you put in an address, the DNS system returns with info from the proper server.

And, of course, once you start mucking with the DNS system for filtering out stuff that you consider to be "malware" or "bad addresses" you open it up to much worse. You also end up validating China's Great Firewall, since China just responds that their use of DNS filtering is also used to block "bad addresses." It's just that they have a different interpretation of what's "bad."

from the because-anti-piracy-is-more-important-than-the-internet dept

We already wrote about the MPAA's plan to break the internet by trying to twist a portion of the DMCA to force ISPs to remove DNS entries, making sites effectively disappear off the internet. However, one key element to this actually relies on an issue closely related to the net neutrality fight -- though understanding it involves going pretty deep into both copyright law and telecommunications law.

Historically, the MPAA has been against net neutrality for a long time. Back in 2007, during the original net neutrality fight, the MPAA weighed in with an FCC filing against net neutrality, arguing that it would interfere with filtering technologies that it wanted ISPs to start using. In 2009, as the second net neutrality battle ramped up, the MPAA sent a similar filing -- with some friends arguing that net neutrality is just another word for file sharing, and would lead to "rampant looting." Given all this, the 2010 open internet rules from the FCC included a special carveout for copyright content, arguing that the rules "do not apply" to copyright infringement.

We noted, earlier this year, how ridiculous it was that the MPAA was still on the wrong side of the net neutrality debate, seeing as how it would stifle a bunch of important new developments that have vastly improved things for filmmakers. But, it appears that the MPAA didn't get the message, at all. The only message it got was to be quieter about its opposition to net neutrality. In some of the leaked emails, it's noted that the MPAA's strategy on net neutrality is to be quiet and evasive about it:

On network neutrality: Most member companies supported, in principle, a narrow, low-profile MPAA filing focused on opposition to the regulation of content.

And, indeed, that's basically what happened. On September 15th, the MPAA filed a fairly short comment that mainly focused on making sure the new rules don't create some sort of compulsory licensing scheme for content (no actual rules under consideration would do that) and that they don't interfere with copyright law. Just a few weeks ago, it appears that the MPAA and a bunch of studio execs further met with the FCC to reiterate that there should be a copyright infringement loophole in any net neutrality rules:

the FCC should adopt its tentative conclusion to carry forward language in its previous network neutrality provisions making clear that the rules do not prevent content companies and ISPs from combating piracy...

That's all to be expected. But there's something much more nefarious going on, which came out in the leaked document [pdf] we discussed earlier about pretending that the DMCA requires DNS-level takedowns. We were a bit confused, initially, by TorrentFreak's recent mention of the MPAA exploring the use of the Communications Act, but the full leak of the document makes that much clearer.

It's not that the MPAA is looking to use the Communications Act against ISPs, but rather, the plan is to think about using the ISPs' own arguments against net neutrality as a wedge to force them into site blocking. To understand how this works, you have to go back nearly a decade to the Supreme Court's ruling in the Brand X case (which, coincidentally, came out the same day as the Grokster ruling). This was the case in which the Supreme Court upheld the FCC's decision to say that cable internet providers could be classified under Title I as an "information service" rather than a "telecommunications service" (under Title II).

Obviously, that's the key fight that we're in today -- to see whether the FCC can go "reclassify" internet (for both cable and DSL) away from Title I and back to Title II. Here's why this matters in the copyright context: as we mentioned in our earlier post, "notice and takedown" provisions in the DMCA do not apply to "transitory digital network communications" under 512(a) of the DMCA. In plain language, this means that copyright holders can't send takedown notices or attach liability to a network provider just because some infringing content traversed its network. That makes sense. Without that, networks would have to do deep packet inspection and try to spy on basically all traffic.

But... part of the reason why broadband companies won the Brand X case was by arguing that they're a lot more than just a network "telecommunications" service -- and that's because (they argued) they provide a lot more -- including DNS services. And, thus, the MPAA argues, under the Brand X ruling, broadband providers are effectively admitting that DNS services are not covered by the DMCA's 512(a) and thus may be covered by 512(d) ("information location tools") which are subject to notice and takedown rules. Here's the MPAA explanation:

ISPs successfully advocated before the FCC, and then at the U.S. Supreme Court..., that broadband service does not constitute a “telecommunications service” within the definition of 47 U.S.C. 153(53) because broadband ISPs offer functionalities such as email and DNS, which are not “telecommunications.”.....

Because ISPs offer an intertwined service package that includes both telecommunications and information services, the FCC held in Cable Modem Declaratory Ruling, and the Supreme Court affirmed in Brand X, that retail ISP service from a last-mile provider is not an “offering” of telecommunications to the public within the meaning of the “telecommunications service” definition, because the “offering” includes both telecommunications and information services blended into the same service.

From there, the MPAA notes that the definition of a "service provider" is very similar under both the Communications Act and the DMCA -- meaning that there's a "colorable" argument, that since broadband providers have convinced the FCC and the courts that they're not telecommunications services under the Communications Act it should also mean that they're not a "transitory digital network communications service provider" under the DMCA:

...both statutory definitions are essentially identical (and the legislative history shows an intent to make them identical), and, having successfully advocated for and obtained a holding from the FCC that they do not provide “telecommunications services” for purposes of the Communications Act, ISPs should not then be allowed to turn around and claim that they are “service providers” for purposes of the DMCA. One might further contend that any specific ISPs that litigated the Brand X case or its progeny should be estopped from taking a contrary position under the DMCA.

In short, because these ISPs got classified as information services rather than as telco services by the FCC (and the Supreme Court said that was okay), they can't then argue that they are telco services for the DMCA protections.

Given that, if the FCC were to reclassify broadband back under Title II, this leg of the MPAA's argument would essentially evaporate. Because it would confirm, absolutely, that broadband providers are telco service providers, and thus clearly protected by the DMCA under 512(a). Thus, for the whole "notice and takedown at the DNS level" plan to be most likely to succeed, the MPAA really needs broadband to remain classified under Title I, so that it can rely on the argument that DNS services are not part of being a telecommunications service, but rather should be classified as an "information location tool" subject to notice and takedown.

I recognize that this may be confusing to follow -- though I've tried to lay out the specifics from both copyright and telco law in a way that's clear. The short version of this is simply that a key part of the MPAA's "site blocking by DNS" plan actually relies on the fact that broadband providers are not, currently, classified as telco services under Title II. If that changes, it takes away a big part of the MPAA's legal argument. Personally, I think the MPAA's argument, even if broadband is classified under Title I, is incredibly weak already, but having the FCC reclassify broadband providers back under Title II would make the MPAA's attempt to break the internet that much harder, even with the loophole language concerning copyright infringement.

And, of course, all this goes to show just how far former Senator, now MPAA boss, Chris Dodd has gone in selling his soul to Hollywood. Back when he was in Congress, he was a big supporter of net neutrality. Apparently, being principled doesn't pay as well.

from the how-very-nice-of-them dept

Yes, all the attention these days about the Sony hack is on the decision to not release The Interview, but it still seems like the big story to come out of the hack is the sneaky plans of the MPAA in its bizarre infatuation with attacking the internet. We've already covered the MPAA's questionably cozy relationship with state Attorneys General (to the point of both funding an investigation into Google and writing documents for those AGs to send in their names), as well as the continued focus on site blocking, despite an admission that the MPAA and the studios still don't have the slightest clue about the technology implications of site blocking.

For years, actual technology experts have explained why DNS blocking is a really bad idea, but the MPAA just can't let it go apparently. It's just, this time, it's looking for ways to do it by twisting existing laws, rather than by getting a new SOPA-like law passed.

To understand the plan, you have to first understand the DMCA section 512, which is known as the safe harbor section, but which includes a few different sections, with different rules applying to different types of services. 512(a) is about "transitory digital network communications" and basically grants very broad liability protection for a network provider who isn't storing anything -- but just providing the network. There are good reasons for this, obviously. Making a network provider liable for traffic going over the network would be a disaster for the internet on a variety of levels.

The MPAA lawyers appear to recognize this (though they make some arguments for getting around it, which we'll get to in a follow-up post), but they argue that a specific narrow attack via DMCA might be used to force ISPs to break the basic internet by disabling entries in their own DNS databases. The trick here is twisting a different part of the DMCA, 512(d), which is for "information location tools." Normally, this is what's used against search engines like Google or social media links like those found on Twitter. But the MPAA argues that since ISPs offer DNS service, that DNS service is also an "information location tool" and... ta da... that's how the MPAA can break DNS. The MPAA admits that there's an easy workaround for end-users -- using third-party DNS providers like OpenDNS or Google's DNS service -- but many users won't do that. And the MPAA would likely go after those guys as well.

At the same time, even this narrow limitation on ISPs’ immunity could have the salutary effect of requiring ISPs to respond to takedown notices by disabling DNS lookups of pirate sites through the ISPs’ own DNS servers, which is not currently a general practice. Importantly, the argument for such a requirement need not turn on the Communications Act, but can instead be based on the DMCA itself, which expressly limits ISPs’ immunity to each “separate and distinct” function that ISPs provide. See 17 U.S.C. § 512(n). A reasonable argument can be made that DNS functionality is an “information location tool” as contemplated by DMCA Section 512(d) and, therefore, that ISPs are required, as a condition of the safe harbor, to cease connecting users to known infringing material through their own DNS servers. Should this argument hold – and we believe that it has a reasonable prospect of success – copyright owners could effectively require ISPs to implement a modest (albeit easily circumvented) form of DNS-based site blocking on the basis of only a takedown notice rather than litigation.

In short, since DMCA takedown notices apply to "information location tools," but not to "transitory network communications," the MPAA would like to argue that just the DNS lookup functionality is an information location tool -- and can thus be censored with just a takedown notice. This is both really slimy (though brilliant in its nefariousness) and insanely dangerous for the internet and free speech. We see so many bogus DMCA takedowns of basic content today, and here the MPAA is looking to effectively, and sneakily, expand that to whole sites by misrepresenting the law (badly).

DNS is not an "information location tool" in the sense of a search engine. It's the core underpinning of how much of the internet works. At no point in the 16 years the DMCA has been around has anyone made an argument that the DNS system was covered by the "information location tools" definition. Because that's clearly not what it was written to cover. The MPAA's lawyers (in this "confidential" memo) appear to recognize that this argument doesn't fully make sense because of that, but they seem to think it's worth a go:

To be sure, the argument is not guaranteed to succeed, as unlike a “pointer” or “hyperlink text,” DNS provides a user’s browser with specific information (IP routing information) that the user has requested by other means (alphanumeric internet addresses), as opposed to providing the user with an active interface allowing the user to request information online, as they might from a clickable page of search results. But at least in the literal sense, DNS appears to fit within the list of Section 512(d) functions and a reasonable argument can be made that DNS is more like a “directory” than the provision of “routing” and should be treated accordingly under the statute as a Section 512(d) function rather than a Section 512(a) function.

Pushing this argument would raise many of the problems found with the original DNS-breaking proposal in PIPA/SOPA. It would raise even more serious questions about the First Amendment and prior restraint. Effectively, it would be moving the definition of "information location tool" down the stack, such that rather than requiring the removal of access to the specific infringing content, it would require removal of access to an entire site based on a single accusation of infringement. Someone uploaded an infringing video to YouTube? Under this interpretation, the MPAA can force Verizon to make YouTube disappear from the internet for all users relying on Verizon's DNS. The censorship implications are massive here, especially with no court proceeding at all. This wouldn't require anything in court -- just a single takedown notice, of which copyright holders send millions. Rather than sending all those notices to Google and getting them delisted from search, copyright holders could turn the firehose towards Verizon, AT&T and Comcast, and basically take down half the internet on their say-so alone. Yes, sites could counternotice, but ISPs would have 10 business days in which they can keep sites off their DNS entirely.

The results would be insane.

And that doesn't even touch on the technical havoc this would wreak. As we've noted earlier, the MPAA admits it's not clear on the technical implications of this plan, but let's just point back to Paul Vixie's discussion of how SOPA/PIPA would break the internet by mucking with the core DNS functionality, no matter how it was implemented.

What this goes back to is the core purpose of DNS, which is merely to translate a URL into a numeric equivalent to connect. It's not an information location tool for helping people "find" information -- it's just the basic plumbing of how the internet works. It's how basically all pieces of the internet expect to work. If you put in a URL here, then DNS returns the proper IP addresses to follow through there. Breaking that, effectively fracturing the internet, and creating a patchwork of different DNS systems would create a huge list of problems not easily fixed.

And, yet, because the MPAA can't figure out how to adapt to the times, it appears to be willing to give it a shot. Because, hey, it's better than innovating.